Feature #4401
closedProof of concept for counting Location Updates in SIM applet
100%
Description
Before we put this part in the draft specification, we should make sure that we can actually count location updates in the SIM applet.
As proof of concept, we could increase a counter after each location update (independent of the IMSI for now), and display a message with the current counter after every location update.
From #4400:
Warning the user if SMS don't arrive¶
An attacker could possibly block the SMS with NEW PSEUDO IMSI REQ from arriving
at the SIM applet. In that case, the SIM would continue using the old pseudo
IMSI indefinitely.We could possibly count the location updates done with the same pseudo IMSI in
the SIM applet, and warn the user if the same pseudo IMSI has been used more
than N (e.g. 5) times.(Could be possible by listening to EVENT_DOWNLOAD_LOCATION_STATUS?)
Related issues
Updated by osmith about 4 years ago
- Status changed from New to In Progress
- Assignee set to osmith
Updated by osmith about 4 years ago
- % Done changed from 0 to 50
After testing the hello world example, I've modified it to display a message on every location update. This works! The message even gets shown while the phone is booting and it connects to the network with the Samsung feature phone I've tested it with.
Source is in imsi-pseudo.git:
https://gerrit.osmocom.org/plugins/gitiles/imsi-pseudo/+/refs/heads/master/sim-applet/
Next, I'm looking into increasing an counter on every location update, and making sure that this counter is persistent even after removing the battery.
Updated by osmith about 4 years ago
- Status changed from In Progress to Resolved
- % Done changed from 50 to 100
I thought that I need to access the filesystem and write it there (which had me confusing: where to write it exactly? we can't create new files...). But it's much easier:
static byte[] welcomeMsg = new byte[] { '0', 'x', ' ', 'L', 'U' };
welcomeMsg[0]++;
Works perfectly, and survives rebooting, even when taking out the battery :)
Source pushed.
Updated by osmith about 4 years ago
- Related to Feature #4400: Approach C: HLR decides and sends the entire next pseudo IMSI to SIM added
Updated by laforge about 4 years ago
On Fri, Feb 21, 2020 at 02:33:54PM +0000, osmith [REDMINE] wrote:
I thought that I need to access the filesystem and write it there
(which had me confusing: where to write it exactly? we can't create
new files...).
It may be possible to create new files on some cards under some
circumastances, but in general files are created at personalization
stage. I can personalize sysmoUSIM cards for you with additional files,
if you need it at some point.
But it's much easier:
> static byte[] welcomeMsg = new byte[] { '0', 'x', ' ', 'L', 'U' }; >> welcomeMsg[0]++; >
Works perfectly, and survives rebooting :)
It's one of the many oddities of the Java environment on smart cards: Any objects
you instantiate are always persistent. So if you want some temporary variables, you have
to actually explicitly allocate buffers/arrays in the heap. It requires serious
re-thinking from other environments.
Also, it is something to consider (not in this context, but in general when writing
such applets) in terms of flash write cycles...
